Security Advisories - guzzlehttp/guzzle - Packagist

guzzlehttp/guzzle Security Advisories for 7.4.0 (5)

[HIGH] CURLOPT_HTTPAUTH option not cleared on change of origin

PKSA-k1b4-kshy-xgbh CVE-2022-31090 GHSA-25mq-v84q-4j7r

Affected version: >=7,<7.4.5|>=4,<6.5.8

Reported by:
GitHub, FriendsOfPHP/security-advisories
[HIGH] Change in port should be considered a change in origin

PKSA-yfw5-9gnj-n2c7 CVE-2022-31091 GHSA-q559-8m2m-g699

Affected version: >=7,<7.4.5|>=4,<6.5.8

Reported by:
GitHub, FriendsOfPHP/security-advisories
[HIGH] Failure to strip the Cookie header on change in host or HTTP downgrade

PKSA-fvw5-9t6n-nwvr CVE-2022-31042 GHSA-f2wf-25xc-69c9

Affected version: >=7,<7.4.4|>=4,<6.5.7

Reported by:
GitHub, FriendsOfPHP/security-advisories
[HIGH] Fix failure to strip Authorization header on HTTP downgrade

PKSA-2z36-j4q9-rsfy CVE-2022-31043 GHSA-w248-ffj2-4v5q

Affected version: >=7,<7.4.4|>=4,<6.5.7

Reported by:
GitHub, FriendsOfPHP/security-advisories
[HIGH] Cross-domain cookie leakage

PKSA-6d8m-6kgw-18zr CVE-2022-29248 GHSA-cwmx-hcrq-mhc3

Affected version: >=7,<7.4.3|>=4,<6.5.6

Reported by:
GitHub, FriendsOfPHP/security-advisories